<div>
  If your LDAP server doesn't support <a href="http://www.google.com/?q=LDAP+anonymous+bind">anonymous binding</a>
  (IOW, if your LDAP server doesn't even allow a query without authentication),
  then Hudson would have to first authenticate itself against the LDAP server,
  and Hudson does that by sending "manager" DN and password.

  <p>
  A DN typically looks like <tt>CN=MyUser,CN=Users,DC=mydomain,DC=com</tt>
  although the exact sequence of tokens depends on the LDAP server configuration.
  It can be any valid DN as long as LDAP allows this user to query data.

  <p>
  This configuration is also useful when you are connecting to Active Directory
  from a Unix machine, as AD doesn't allow anonymous bind by default. But
  if you can't figure this out, you can also change AD setting to allow
  anonymous bind. See <a href="http://www.novell.com/coolsolutions/appnote/15120.html">this document</a> for how to.
</div>